Enterprise Ethereum Alliance (EEA), the open standards organisation aiming to accelerate business adoption of Ethereum blockchains, today released new specifications aimed at helping businesses create more efficient, simple and interoperable blockchain networks.
The specifications include a set of APIs for enabling off-chain blockchain transactions, where transactions are executed off the main network before being summarised and returned to the main chain.
[...] In addition to releasing its first off-chain specification, EEA released version three of its client specification, which defines ways to speed up transactions via permissions automation and a faster consensus algorithm, the Clique Proof of Authority (POA) algorithm.
A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered.
Tracked as CVE-2019-5018 and featuring a CVSS score of 8.1, the vulnerability resides in the window function functionality of Sqlite3 3.26.0 and 3.27.0.
To trigger the flaw, an attacker would need to send a specially crafted SQL command to the victim, which could allow them to execute code remotely.
The popular SQLite library, a client-side database management system, is widely used in mobile devices, browsers, hardware devices, and user applications, Talos notes.
SQLite implements the Window Functions feature of SQL, allowing queries over a subset, or "window," of rows, and the newly revealed vulnerability was found in the "window" function.
The security researchers discovered that, after the parsing of a SELECT statement that contains a window function, in certain conditions, the expression-list held by the SELECT object is rewritten and the master window object is used during the process.
I'm tired of the dominance of the out-of-order processor. They are large and wasteful, the ever-popular x86 is especially poor, and they are hard to understand. Their voodoo would be more appreciated if they pushed better at the limits of computation, but it's obvious that the problems people solve have a latent inaccessible parallelism far in excess of what an out-of-order core can extract. The future of computing should surely not rest on terawatts of power burnt to pretend a processor is simpler than it is.
There is some hope in the ideas of upstarts, like Mill Computing and Tachyum, as well as research ideas like CG-OoO. I don't know if they will ever find success. I wouldn't bet on it. Heck, the Mill might never even get far enough to have the opportunity to fail. Yet I find them exciting, and much of the offhand "sounds like Itanium" naysay is uninteresting.
This article focuses on architectures in proportion to how much creative, interesting work they've shown in public. This means much of this article comments on the Mill architecture, there is a healthy amount on CG-OoO, and the Tachyum is mentioned only in passing.
A commentary on some of the more unusual OoO architectures in the works with focus on Mill Computing's belt machines.
A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims' smartphones: all a snoop needs to do is make a booby-trapped voice call to a target's number, and they're in. The victim doesn't need to do a thing other than leave their phone on.
The Facebook-owned software suffers from a classic buffer overflow weakness. This means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.
To pull off this intrusion, the attacker has to carefully manipulate packets of data sent during the process of starting a voice call with a victim; when these packets are received by the target's smartphone, an internal buffer within WhatsApp is forced to overflow, overwriting other parts of the app's memory and leading to the snoop commandeering the chat application.
Engineers at Facebook scrambled over the weekend to patch the hole, designated CVE-2019-3568, and freshly secured versions of WhatsApp were pushed out to users on Monday. If your phone offers to update WhatsApp for you, do it, or check for new versions manually. The vulnerability is present in the Google Android, Apple iOS, and Microsoft Windows Phone builds of the app, which is used by 1.5 billion people globally.
"A buffer overflow vulnerability in WhatsApp VoIP [voice over IP] stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number," said Facebook in an advisory on Monday.
"The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
[...] Pegasus, once installed on a victim's device, can record phone calls, open messages, activate the phone's camera and microphone for further surveillance, and relay back location data. While NSO claims it carefully vets its customers, the malware has been found on the phones of journalists, human rights campaigners, lawyers, and others.
Submitted via IRC for AnonymousLuser:
Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.
Potential attackers could exploit the security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines.
The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system.
The remotely exploitable vulnerability has been assigned an 8.1 high severity base score by NIST's NVD. It is being tracked as CVE-2019-11815 (Red Hat, Ubuntu, SUSE, and Debian), and it could be abused by unauthenticated attackers without interaction from the user.
Luckily, because the attack complexity is high, the vulnerability received an exploitability score of 2.2 while the impact score is limited to 5.9.
In the 1960s-1970s, Ken Thompson co-invented the UNIX operating system along with Dennis Ritchie at Bell Labs. He also worked on the language B, the operating system Plan 9, and the language Go. He and Ritchie won the Turing Award. He now works at Google. He's interviewed by Brian Kernighan of "K&R" fame.
This talk took place May 4, 2019. Videography courtesy of @thegurumeditation (Facebook), @thegurumeditate (Twitter)
[Ed note: We generally do not post stories that are strictly video-sourced, but given the stature of the participants in the programming world, I decided to make an exception. If videos are not interesting to you, please wait a bit and another story will be along before too long.]
The Trump administration is adding an additional $1.6 billion to NASA's $21 billion 2020 budget request to kick start plans to return American astronauts to the moon in 2024, four years earlier than previously planned, NASA announced Monday. In a surprise announcement, agency Administrator Jim Bridenstine said the revitalized moon program will be named Artemis after the Greek goddess of the moon.
[...] According to a NASA fact sheet, the new budget request includes $1 billion "to enable NASA to begin supporting the development of commercial human lunar landing systems three years earlier than previously envisioned. This acquisition strategy will allow NASA to purchase an integrated commercial lunar lander that will transport astronauts from lunar orbit to the lunar surface and back."
Gateway development will be limited to what is needed to make the station a viable staging base for trips to the surface. That will free up $321 million for other moon spending. An additional $651 million is earmarked for the Space Launch System — SLS — heavy lift rocket and Orion spacecraft. Lunar surface technologies and propulsion systems would receive an additional $132 million with $90 million going to robotic exploration and research near the moon's south pole.
[...] The same day Bridenstine talked of the challenge of landing on the moon, Amazon-founder Jeff Bezos unveiled a lunar lander called Blue Moon that could put 6.5 metric tons on the surface of the moon. He said Blue Moon, carrying an ascent stage, could meet NASA's schedule for landing astronauts on the surface by 2024.
Previously: NASA Chief Says a Falcon Heavy Rocket Could Fly Humans to the Moon
Here's Why NASA's Audacious Return to the Moon Just Might Work
Lockheed Martin Proposes Streamlined Lunar Gateway for 2024 Manned Lunar Landing
Sweden's state prosecutor said on Monday she would reopen an investigation into a rape allegation against WikiLeaks founder Julian Assange and seek his extradition from Britain.
Prosecutor Eva-Marie Persson told a news conference she would continue and conclude a preliminary investigation that was dropped in 2017 without charges being brought as Assange had taken refuge in the Ecuadorean embassy in London.
[...] The Swedish prosecutor's office said it would shortly request Assange be detained in his absence on probable cause for an allegation of rape and that it would issue a European arrest warrant - the process under which his extradition would be sought.
Please extradite me to Sweden and not the U.S.?
Also at BBC:
Wikileaks said the reopening of the rape case would give Assange "a chance to clear his name". "There has been considerable political pressure on Sweden to reopen their investigation, but there has always been political pressure surrounding this case," its editor-in-chief, Kristinn Hrafnsson, said in a statement.
A lawyer for Assange told Swedish broadcaster SVT that the decision was "embarrassing for Sweden", adding that his client wanted to resolve the case but feared being extradited to the US.
Europe is bracing itself for a big shake-up in how we pay for things online, which will have significant consequences for businesses across the region. Similar to how GDPR hugely impacted how millions of organizations handle personal data when it was enforced last year, Strong Customer Authentication (or SCA) will have profound implications for how businesses handle online transactions and how we pay for things in our everyday lives when it is enforced on September 14.
SCA will require an extra layer of authentication for online payments. Where a card number and address once sufficed, customers will now be required to include at least two of the following three factors to do anything as simple as order a taxi or pay for a music streaming service. Something they know (like a password or PIN), something they own (like a token or smartphone), and something they are (like a fingerprint or biometric facial features).
The Supreme Court has ruled against Apple in a long-standing case over price fixing in the App Store, in a decision that allows iPhone owners to proceed with a lawsuit against the company. The court heard arguments in the case in November, and the decision was expected sometime this spring.
The plaintiffs claim Apple has a monopoly over iOS app distribution, which it uses unfairly to pass along its 30 percent cut of app sales to consumers. Apple claimed it was a middleman for app distribution, and that developers set the price. Since developers are the ones who pay Apple's commission, and not consumers, only they should be able to file a lawsuit on the issue, the company said.
The case hinged on the question of whether people who buy iOS apps do so directly from Apple. Following a 1977 decision on the case of Illinois Brick Co. v. Illinois, only direct purchasers of products can file federal antitrust lawsuits.
Those behind the suit say that because payments go to Apple directly, and not the developers, consumers have a direct relationship with the company, and as such that makes this an antitrust case. They also claim that if consumers had other options for apps beyond the App Store, they'd pay less for them, while Apple would be under "considerable pressure" to lower its "pure profit" commission rate.
[...] Most of what we know about human-microbiome interactions is based on correlational studies between disease state and bacterial DNA contained in stool samples using genomic or metagenomic analysis. This is because studying direct interactions between the microbiome and intestinal tissue outside the human body represents a formidable challenge, in large part because even commensal bacteria tend to overgrow and kill human cells within a day when grown on culture dishes. Many of the commensal microbes in the intestine are also anaerobic, and so they require very low oxygen conditions to grow which can injure human cells.
A research team at Harvard's Wyss Institute for Biologically Inspired Engineering led by the Institute's Founding Director Donald Ingber has developed a solution to this problem using 'organ-on-a-chip' (Organ Chip) microfluidic culture technology. His team is now able to culture a stable complex human microbiome in direct contact with a vascularized human intestinal epithelium for at least 5 days in a human Intestine Chip in which an oxygen gradient is established that provides high levels to the endothelium and epithelium while maintaining hypoxic conditions in the intestinal lumen inhabited by the commensal bacteria. Their "anaerobic Intestine Chip" stably maintained a microbial diversity similar to that in human feces over days and a protective physiological barrier that was formed by human intestinal tissue.
Scientists will be able to use the system to directly test their hypotheses about the effect of the micro-biome on human health. If they're able to establish keystone species or combinations of micro-biota that combat depression or obesity or disorders like Crohn's Disease they could craft medicines or treatments for conditions that are currently intractable.
A new aerospace company has entered the race to provide supersonic commercial air travel. On Monday, a US-based company named Hermeus announced plans to develop an aircraft that will travel at speeds of up to Mach 5. Such an aircraft would cut travel time from New York to Paris from more than 7 hours to 1.5 hours.
Hermeus said it has raised an initial round of funding led by Khosla Ventures, but it declined to specify the amount. This funding will allow Hermeus to develop a propulsion demonstrator and other initial technologies needed to make its supersonic aircraft a reality, Skyler Shuford, the company's chief operating officer, told Ars.
The announcement follows three years after another company, Boom Supersonic, declared its own intentions to develop faster-than-sound aircraft. As of January 2019, Boom had raised more than $140 million toward development of its Overture airliner, envisioned to travel at Mach 2.2, which is about 10 percent faster than the Concorde traveled.
Officials with Boom Supersonic have said its planes could be ready for commercial service in the mid-2020s, and they added that Virgin Group and Japan Airlines have preordered a combined 30 airplanes.
Submitted via IRC for AnonymousLuser
For those who are not familiar with hyperlink auditing, or Pings, it is an HTML feature that allows sites to track when a link is clicked. Creating hyperlink auditing URLs is very easy, as you can simply create a normal hyperlink HTML tag, but also include a ping="[url]" variable as shown below.
<a href="https://www.google.com/" ping="https://www.bleepingcomputer.com/pong.php">Ping Me</a>
[...] With most popular browsers now enabling this feature by default, with Firefox doing so in the future, the only way to disable hyperlink auditing is through the use of browser add-ons and extensions. For those who want to retain control over whether this feature can be used, below are three extensions that allow you to disable hyperlink auditing pings in Chrome and Firefox.
It was only a matter of time. With each subsequent Matrix sequel released it grew clearer that the story was not ended. There would be more. Possibly to explain what exactly happened in the third movie, and why the second was even ever needed. So, now, here it comes: A fourth Matrix film is reported to be in the works with Keanu stating that he would not turn down the opportunity to be Neo again. This may be the answer to the loyal followers of the Fanimatrix who have asked for a long time if there would be a sequel.
Maybe they will just retcon the lot, throw it all down the well as Neo's nightmare, and save the series with a decent ending.
In 1756, a German scientist named Johann Gottlob Leidenfrost reported his observation of an unusual phenomenon. Normally, water splashed onto a very hot pan sizzles and evaporates very quickly. But if the pan's temperature is well above water's boiling point, "gleaming drops resembling quicksilver" will form and will skitter across the surface. It's known as the "Leidenfrost effect" in his honor.
In the ensuing 250 years, physicists came up with a viable explanation for why this occurs. If the surface is at least 400 degrees Fahrenheit (well above the boiling point of water), cushions of water vapor, or steam, form underneath them, keeping them levitated. The Leidenfrost effect also works with other liquids, including oils and alcohol, but the temperature at which it manifests will be different. In a 2009 Mythbusters episode, for instance, the hosts demonstrated how someone could wet their hand and dip it ever so briefly into molten lead without injury, thanks to this effect.
But nobody had been able to identify the source of the accompanying cracking sound Leidenfrost reported. Now, an international team of scientists has filled in that last remaining gap in our knowledge with a recent paper by Mathai et al. in Science Advances.
The answer: it depends on the size of the droplet.